"Apple has notified users in France of a spyware campaign targeting their devices, according to the Computer Emergency Response Team of France (CERT-FR). The agency said the alerts were sent out on September 3, 2025, making it the fourth time this year that Apple has notified citizens in the county that at least one of the devices linked to their iCloud accounts may have been compromised as part of highly-targeted attacks."
"The development comes less than a month after it emerged that a security flaw in WhatsApp ( CVE-2025-55177, CVSS score: 5.4) was chained with an Apple iOS bug ( CVE-2025-43300, CVSS score: 8.8) as part of zero-click attacks. WhatsApp subsequently told The Hacker News that it had sent in-app threat notifications to less than 200 users who may have been targeted as part of the campaign. It's not known who, and which commercial spyware vendor, is behind the activity."
"The disclosure comes as Apple has introduced a security feature in the latest iPhone models called Memory Integrity Enforcement (MIE) to combat memory corruption vulnerabilities and make it harder for surveillance vendors, who typically rely on such zero-days for planting spyware on a target's phone. In a report published this week, the Atlantic Council said the number of United States investors in spyware and surveillance technologies jumped from 11 in 2023 to 31 last year, surpassing other major investing countries such as Israel, Italy, and the United Kingdom."
Apple sent alerts to users in France on September 3, 2025 indicating that at least one device linked to affected iCloud accounts may have been compromised in targeted spyware attacks. CERT-FR said these attacks target individuals for their status or function, including journalists, lawyers, activists, politicians, and senior officials. A chained zero-click exploit combined a WhatsApp flaw (CVE-2025-55177, CVSS 5.4) with an iOS bug (CVE-2025-43300, CVSS 8.8). WhatsApp reported sending in-app warnings to fewer than 200 potentially targeted users. Apple added Memory Integrity Enforcement (MIE) to recent iPhones to mitigate memory corruption zero-days. An Atlantic Council report noted U.S. investor growth in spyware and surveillance technologies from 11 to 31.
#spyware #zero-click-exploits #apple-ios-security #whatsapp-vulnerability #surveillance-industry-investment
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]